HTTPS Blocking

Hello All,

I have used a TDI driver to detect HTTP URLs and blocked them as per requirement.
Now I want to block HTTPS URLs. I have some doubts regarding the same.

  1. As HTTPS URLs are encrypted, we need to decrypt them for scanning. Is it legal to make a man-in-the-middle attack to detect such URLs?

  2. Which network driver is suitable to detect HTTPS packet data i.e. TDI or NDIS IM?

Regards,
Mark Smith

> Hello All,
>
> I have used a TDI driver to detect HTTP URLs and blocked them as per
> requirement.
> Now I want to block HTTPS URLs. I have some doubts regarding the same.
>
>   1. As HTTPS URLs are encrypted, we need to decrypt them for scanning. Is it legal
>     to make a man-in-the-middle attack to detect such URLs?

No, it is not. And if you find out that it is possible, you have discovered a major flaw in the protocol.

You can proxy https, but I still don’t think it gives up the URL, just the IP address (or hostname?)

James

On 1/17/2012 10:04 AM, xxxxx@gmail.com wrote:

> I have used a TDI driver to detect HTTP URLs and blocked them as per requirement.
> Now I want to block HTTPS URLs. I have some doubts regarding the same.

Wouldn’t it be easier just to rip out the network card and hotglue the
screws?

If your task is to block specific hosts, you can achieve this by using DNS
to convert your list of blocked URLs into a list of blocked IP addresses and
check the destination address in your filter. If you want to be able to
filter the whole URL (i.e. https://somehost.somedomain.com/path1/home.asp is
okay, but https://somehost.somedomain.com/path2/home.asp is not), then you
have a major hacking job.

wrote in message news:xxxxx@ntdev…

> Hello All,
>
> I have used a TDI driver to detect HTTP URLs and blocked them as per
> requirement.
> Now I want to block HTTPS URLs. I have some doubts regarding the same.
>
>   1. As HTTPS URLs are encrypted, we need to decrypt them for scanning. Is it
>     legal to make a man-in-the-middle attack to detect such URLs?
>
>   2. Which network driver is suitable to detect HTTPS packet data i.e. TDI or
>     NDIS IM?
>
> Regards,
> Mark Smith
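
The host-level approach from the reply above (convert blocked URLs to IP addresses, then compare the destination address in the filter), as an added user-mode example that is not part of the thread. The DNS table is constructed with documentation addresses standing in for real lookups, and the function names are hypothetical; it also shows that blocking the `path2` URL blocks the connection that would fetch `path1`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for DNS answers (RFC 5737 documentation addresses). */
static const struct { const char *host, *ip; } dns_table[] = {
    { "somehost.somedomain.com", "192.0.2.10" },
    { "other.example",           "198.51.100.7" },
};
static uint32_t blocked[16];   /* blocked IPv4 addresses, network byte order */
static size_t n_blocked;

/* Copy the host of "scheme://host[:port][/path]" into out; 0 on success. */
static int url_host(const char *url, char *out, size_t outlen) {
    const char *p = strstr(url, "://");
    if (!p) return -1;
    p += 3;
    size_t n = strcspn(p, "/:?#");
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}
/* Add the address of a blocked URL's host to the set; the path is discarded. */
int block_url(const char *url) {
    char host[256]; uint32_t a;
    if (url_host(url, host, sizeof host) != 0) return -1;
    for (size_t i = 0; i < sizeof dns_table / sizeof dns_table[0]; i++) {
        if (strcasecmp(dns_table[i].host, host) != 0) continue;
        if (inet_pton(AF_INET, dns_table[i].ip, &a) != 1) return -1;
        if (n_blocked == sizeof blocked / sizeof blocked[0]) return -1;
        blocked[n_blocked++] = a;
        return 0;
    }
    return -1;                 /* host has no entry in the table */
}
/* The check a filter makes on an outbound connection's destination address. */
int is_blocked_dest(uint32_t dst) {
    for (size_t i = 0; i < n_blocked; i++)
        if (blocked[i] == dst) return 1;
    return 0;
}

int main(void) {
    uint32_t dst;
    block_url("https://somehost.somedomain.com/path2/home.asp");
    inet_pton(AF_INET, "192.0.2.10", &dst);  /* connection fetching /path1/ */
    printf("path1 connection blocked: %d\n", is_blocked_dest(dst));
}
```

Any other site served from the same address is blocked as well, and the list goes stale when the host's DNS records change.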